Search Results (774 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5589 2 Drupal, Netgenius 2 Drupal, Multilink 2025-04-11 N/A
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
CVE-2012-5590 2 Drupal, Scripthead 2 Drupal, Webmail Plus 2025-04-11 N/A
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-5651 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.
CVE-2012-5652 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
CVE-2012-5654 2 Drupal, Nodewords Project 2 Drupal, Nodewords 2025-04-11 N/A
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.
CVE-2012-5655 2 Drupal, Steven Jones 2 Drupal, Context 2025-04-11 N/A
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
CVE-2010-1303 2 Drupal, Jim Berry 2 Drupal, Taxonomy Filter 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.
CVE-2009-4990 2 Drupal, Jrbcs 2 Drupal, Webform Report 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.
CVE-2012-2703 2 Drupal, John Franklin 2 Drupal, Advertisement 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php."
CVE-2012-2706 2 Drupal, Peter Pokrivcak 2 Drupal, Post Affiliate Pro 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration.
CVE-2012-2708 2 Antoine Beaupre, Drupal 2 Hostmaster, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log.
CVE-2012-2710 2 Drupal, John Albin 2 Drupal, Zen 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
CVE-2012-2717 2 Drupal, Mathew Winstone 2 Drupal, Mobile Tools 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
CVE-2012-2718 2 Drupal, Drupal-id 2 Drupal, Counter Module 2025-04-11 N/A
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."
CVE-2012-2719 2 Blaine Lang, Drupal 2 Filedepot, Drupal 2025-04-11 N/A
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability."
CVE-2012-2726 2 Alberto Trujillo Gonzalez, Drupal 2 Protest, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter.
CVE-2012-2727 2 Bryce Hamrick, Drupal 2 Janrain Capture, Drupal 2025-04-11 N/A
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2012-4468 2 Drupal, Privatemsg Project 2 Drupal, Privatemsg 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message.
CVE-2012-4474 2 Colorbox Node, Drupal 2 Dennis Blake, Drupal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2012-4479 2 David Alkire, Drupal 2 Drag \& Drop Gallery, Drupal 2025-04-11 N/A
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.